This Week’s Cybersecurity News, 12/16/2022

Share on

This week’s e-newsletter lets you know that there is a current non-threat , which is an email about tiny URLs. There are continuing threats with regards to phishing and spear phishing attacks. And there are several updates you need to make sure you have.

I want to remind everyone that I appreciate you sharing these e-newsletters with family, friends, clients, students, and anyone else who may benefit from the information. I would like to stress that you should keep your students in mind, as non-employee students may not get this information without you sharing. Thanks to a request some months back, I do include CVM students. However, if anyone else has an email group for students who are not employees of your department, please let me know what that address is and I can include them, as well. I do this as a blind copy so student names and addresses will not show up!

Current Non-Threats

  • Tiny URLs (email)
    • The subject is Tiny URL(s) Due for Renewal or Suspended.
    • The sender is noreply <noreply@utk.edu>.
    • The email is notifying you that a tiny URL assigned to you is due for renewal and that if it is not renewed the tiny URL will be suspended by a certain date and removed by another given date.
    • The email is legitimate.
    • Tiny URL is UT’s “URL Shortener Service” and allows you to create a tiny.utk.edu address that shortens long URLs so that it is easier to share them.
    • Tiny URLs are to be renewed annually by the person responsible for their maintenance.
    • Just type in https://tiny.utk.edu to log in with your NetID and password, then click on the “manage my urls” button in the top-right corner to renew or delete.
    • The date for which you may receive this email depends on the date of your tiny URL creation.
    • I would recommend that if you have several tiny URLs, it is so much easier to maintain them if you renew them on the same day so you only have to do this one each year.

Current Threats

  • Job Opening Announcements (email)
    • We are still getting several variations of job openings that look like they are coming from an actual UT person, typically a professor.
    • The sender’s address may be the NetID followed by @gmail.com, or the email address may be spoofed.
    • The job is almost always for a personal assistant-type position, but can vary.
    • The job announcement says that you can work from home.
    • The job announcement varies in how much it pays, but the job usually offers at least $350/week for less than 10 hours of remote work.
    • These emails often have many errors throughout the message that are signs the message is a scam:
      1. Spelling
      2. Grammar
      3. Punctuation
      4. Formatting
    • Please do not reply to these emails.
    • If you really want to know if the sender is who they claim to be, call the phone number from the UT directory (not the email) and ask.
    • Please use Reporting Phishing Attempts to forward the message and its Internet header to OIT Abuse and me.
      • It is important to follow these instructions so that you include the Internet headers when reporting.
      • The Internet headers are what our email administrators use to block the sender from sending more emails from that IP address.
  • Other Spear Phishing Attacks (email)
    • We are still getting lots of spear phishing attempts, so I am giving you some reminders of what to avoid.
    • The messages typically look like they come from a supervisor or other member of leadership.
    • The messages are very brief.
    • The messages have a sense of urgency.
    • The sender’s reply-to address is almost always from an @gmail.com account.
    • If you reply, you will most likely be asked to go buy gift cards and email the cards’ codes.
    • Do NOT buy gift cards!!!
    • Don’t reply.
    • If you are unsure of the email, forward it to me or pick up the phone and call the person who supposedly sent it and ask before doing anything else.
    • The sender is telling you they are too busy for a call because they don’t want you to call the real person and find out the email was a scam!
    • Please use Reporting Phishing Attempts to forward the message and its Internet header to OIT Abuse and me.
      • It is important to follow these instructions so that you include the Internet headers when reporting.
      • The Internet headers are what our email administrators use to block the sender from sending more emails from that IP address.

Brower, OS, and Software Updates

  • Microsoft
    • Microsoft has released security updates to address vulnerabilities in Microsoft software.
    • Updates are being automatically pushed to Institute-owned computers.
    • If you have recently clicked to have your computer restart later to finish these updates, please make sure your reboot right away to ensure all available updates have been applied.
    • Exploitation of these vulnerabilities could allow an attacker to take control of the affected device.
  • Apple
    • Apple has released security updates for multiple products to address vulnerabilities.
    • Please make sure you have applied all available updates for these products:
      1. iCloud for Windows 14.1
      2. Safari 16.2
      3. macOS Monterey 12.6.2
      4. macOS Big Sur 11.7.2
      5. tvOS 16.2
      6. watch OS 9.2
      7. iOS 15.7.2 and iPodOS 15.7.2
      8. iOS 16.2 and iPadOS 16.2
      9. macOS Ventura 13.1
    • Exploitation of these vulnerabilities could allow an attacker to take control of the affected device.

Thanks for all you do to protect the Institute and its data. And a big thanks to those who have given me thoughts for This Week’s Cybersecurity News. As always, if you need me and I don’t get back with you quickly enough via email or if it is an emergency, please call my cell number at any time.

Have a wonderful weekend!

Sandy